Skip Links

Network World

  • Social Web 
  • Email 
  • Close

Scan ScanSafe's annual report for heuristic experience

Report gives state of global information security threats
Security Strategies Alert By M. E. Kabay , Network World , 04/24/2008
Sign up for this newsletter now!

ScanSafe offers what it calls “Web Security-as-a-Service” by providing a managed service (meaning there’s nothing for customers to install or maintain on-premise) that routes its clients’ Web traffic through secure proxies to scan content in real-time, protecting them from malware as well as providing a way for them to enforce acceptable Web usage policies.

Recently, ScanSafe released its 25-page “Annual Global Threat Report: Trends for January 2007-December 2007,” which is available with a non-intrusive registration from its Web site. The report was written by Senior Security Researcher Mary Landesman, who is a frequent contributor to the about.com series of articles on fighting viruses.

Here are some of the highlights of the report:

* The company’s services include sophisticated heuristic scanners as part of the “Outbreak Intelligence threat detection technology.”
* It scanned “more than 80 billion Web requests and blocked more than 800 million Web threats in 2007 on behalf of corporate customers in over 50 countries.”
* Sites hosting malicious code increased their uptime (Time to Live or TTL) over the course of 2007, with TTL around 18 days in the first half of the year but around 29 days in the second half of the year.
* About 21% of the threats detected by the company’s systems were zero-day exploits (that is, new attacks without signatures that could be used by signature-based scanners).
* Ten malware families accounted for 97% of all the observed events.
* The most frequent type of attack in the blocked events was password-stealing malware (about 37% of total attacks).
* Executables and scripts (including PHP, EXE, JS, and DLL and other code-containing files) constituted about 71% of the threats that were blocked.
* Bogus “malware scanners” post flash popups that claim to scan user computers to “discover” extensive infection – and magically remove the non-existent infections for a modest fee.
* Macro viruses and e-mail worms now constitute “less than 0.1% of all blocks.”

The last section, “2008 Security threat predictions,” has interesting suggestions that are discussed in detail. Quoting exactly from the section’s introduction:

* Cyber criminals follow the money: Web 2.0 will continue to fuel high profile attacks
* Remote and roaming security becomes a mounting pain point for businesses
* Continued pressure to end public disclosure of “Whois” Information
* Growing underground market for warehousing and selling of stolen database information
* Storm worm hangover continues well into 2008.

Partner Content

Brilliantly simple security and control solutions for email, web and endpoint

www.sophos.com

Stopping data leakage

Learn how to exploit your current security investment to control the information that flows into, through and out of your network.

Download the white paper.

Why detection rates aren't enough

Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask to prospective vendors to get the right endpoint solution.

Download the white paper.

Unauthorized applications: Taking back control

Employees installing and using unauthorized applications like IM, VoIP, games and peer-to-peer file-sharing applications cause many businesses serious concern. How do you control these applications?

Download the white paper.

Comment
Login
Forgot your account info?
Add comment
Anonymous comments subject to moderator approval. Register here for member benefits.
Have a NetworkWorld account? Log in here. Register now for a free account.

Videos

rssRss Feed
Save The Date!
What They Are Saying

what are the benefits of project management - Anonymous

Join the Discussion